Beginner Friendly, Foundry, NFT
Submission Details
Severity: low
Invalid

In `RamNFT::mintRamNFT` there is a possibility of Reentrancy as effects are done after an external call

Summary

We can clearly see that effects are done after an external safeMint call

```solidity
function mintRamNFT(address to) public {
    uint256 newTokenId = tokenCounter++;
    _safeMint(to, newTokenId); // <-- external call is made first
    Characteristics[newTokenId] = CharacteristicsOfRam({ // <-- state is written afterwards
        ram: to,
        isJitaKrodhah: false,
        isDhyutimaan: false,
        isVidvaan: false,
        isAatmavan: false,
        isSatyavaakyah: false
    });
}
```

Impact

Someone can mint the RamNFT again and again without changing the characteristics.

Tools Used

Manual Review

Recommendations

  1. Use Reentrancy Guard

  2. Make the function follow CEI to prevent it

  3. Do this instead

function mintRamNFT(address to) public {
uint256 newTokenId = tokenCounter++;
+ Characteristics[newTokenId] = CharacteristicsOfRam({
+ ram: to,
+ isJitaKrodhah: false,
+ isDhyutimaan: false,
+ isVidvaan: false,
+ isAatmavan: false,
+ isSatyavaakyah: false
+ });
- _safeMint(to, newTokenId);
- Characteristics[newTokenId] = CharacteristicsOfRam({
- ram: to,
- isJitaKrodhah: false,
- isDhyutimaan: false,
- isVidvaan: false,
- isAatmavan: false,
- isSatyavaakyah: false
- });
+ _safeMint(to, newTokenId);
}
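Review bot: the unchanged context line `function mintRamNFT(address to) public {` still leaves the mint callable by anyone, and reordering the body does not address that. Moving the `Characteristics[newTokenId]` write ahead of `_safeMint(to, newTokenId)` means a receiver's `onERC721Received` callback sees a populated entry, but a callback that calls `mintRamNFT` again only gets a fresh id from `tokenCounter++`, the same as any direct call. If minting is meant to be restricted, add a caller check on this function alongside the reorder.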
Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Invalid - reentrancy in safeMint

The problem is that the `mintRamNFT` function is public and anyone can call it, not that the function uses `_safeMint`.
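The ordering described in the submission can be observed with a receiver that only reads state during the mint callback. This is an added example, not code from the audited project or the submission: `MintOrderDemo`, `ramOf`, `mintInteractionFirst`, `mintEffectsFirst` and `CallbackProbe` are hypothetical names, and it assumes OpenZeppelin's `ERC721` is installed. The probe records `address(0)` when the mint runs before the write and the recipient address when the write comes first.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

// Hypothetical contract modelled on the snippet in the report; not the audited code.
contract MintOrderDemo is ERC721 {
    uint256 public tokenCounter;
    // Stands in for Characteristics[id].ram (assumption: one field is enough here).
    mapping(uint256 => address) public ramOf;

    constructor() ERC721("Demo", "DMO") {}

    // Order from the report: external call first, state write second.
    function mintInteractionFirst(address to) public {
        uint256 id = tokenCounter++;
        _safeMint(to, id); // invokes to.onERC721Received when `to` is a contract
        ramOf[id] = to;
    }

    // Checks-effects-interactions order from the recommendation.
    function mintEffectsFirst(address to) public {
        uint256 id = tokenCounter++;
        ramOf[id] = to;
        _safeMint(to, id);
    }
}

// Hypothetical receiver that only observes: it stores what the mapping
// held for the new token at the moment the callback ran.
contract CallbackProbe is IERC721Receiver {
    address public seenDuringCallback;

    function onERC721Received(address, address, uint256 id, bytes calldata)
        external
        returns (bytes4)
    {
        seenDuringCallback = MintOrderDemo(msg.sender).ramOf(id);
        return IERC721Receiver.onERC721Received.selector;
    }
}
```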
